Utility
Home Messaggi odierni FAQ Ricerca avanzata Lo staff del forum Regolamento Utenti Archivio
Visualizzazione dei risultati da 1 a 3 su 3
  1. 20-01-2009, 14:53 #1
    nonnojet
    nonnojet non è in linea
    Utente di HTML.it
    Registrato dal
    Jan 2009
    Messaggi
    3

    Eliminazione File Avast All'avvio

    Ciao a tutti....

    mi sono appena registrato e quindi per prima cosa saluto tutta la board........

    non sono pratico di pc e quindi chiedo la vostra pazienza ....

    ho letto un pò prima di scrivere per vedere se trovavo delle informazioni utili.

    il problema ....

    quando accendo il pc a caricamento programmi quasi terminato mi compare una finestra di spybot che mi avvisa della eliminazione di un file dll di avast .

    io nego la conferma...

    con spybot , avast , Spywre terminator non rilevo nulla .
    L'unico che rileva qualcosa e Malwarebytes che indica i Trojan serauth1.dll e serauth2.dll che anche se rimossi si ricreano .

    in più rilevo dei files "strani" in Windiws/sistem32 ovvero ....

    lsprst7.tgz
    lsprst7.dll
    nsprs.tgz
    nsprs.dll
    ssprs.tgz
    ssprs.dll

    ho provveduto alla rimozione ed alla reistallazione sia di spybot che di avast .....

    inserisco nel post successivo il file .log di HijackThis v2.0.2
    non conoscendo bene l'uso del pc gradirei un linguaggio da asilo infantile ....


    grazie anticipato per l'aiuto ......
    Rispondi quotando Rispondi quotando
  2. 20-01-2009, 14:54 #2
    nonnojet
    nonnojet non è in linea
    Utente di HTML.it
    Registrato dal
    Jan 2009
    Messaggi
    3

    Eliminazione File Avast All'avvio II°

    questo il file log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13.19.13, on 20/01/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\AtSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\a-squared Free\a2service.exe
    C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
    C:\Programmi\Lectra\IManager\bin\fontserver.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\Lectra\IManager\bin\lpdaemon.exe
    C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
    C:\Programmi\Windows Defender\MSASCui.exe
    C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Programmi\Lectra\IManager\bin\osidaemon.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\Lectra\Modaservice\modaserv.exe
    C:\Programmi\Acronis\TrueImage\TrueImageMonitor.ex e
    C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
    C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
    C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Programmi\Cyberlink\Shared Files\brs.exe
    C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
    C:\Programmi\File comuni\Gerber Technology\gt license manager\lmserver\winnt\lservnt.exe
    C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Programmi\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\UPHClean\uphclean.exe
    C:\Programmi\Lectra\VigiPrint\bin\vpdaemon.exe
    C:\Programmi\Lectra\XChangCutOut\bin\xcdaemon.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programmi\Lectra\Digitizer\bin\digitizer.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\Programmi\FreePOPs\freepopsd.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCSVR.EXE
    C:\Programmi\Outlook Express\msimn.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Skype\Phone\Skype.exe
    C:\Programmi\Skype\Plugin Manager\SkypePM.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin .dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
    O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield. exe"
    O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Acronis_True_Image Monitor] "C:\Programmi\Acronis\TrueImage\TrueImageMonitor.e xe"
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [RemoteControl8] C:\Programmi\CyberLink\PowerDVD8\PDVD8Serv.exe
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Programmi\CyberLink\PowerDVD8\Language\Language .exe
    O4 - HKLM\..\Run: [BDRegion] C:\Programmi\Cyberlink\Shared Files\brs.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunOnce: [aswAhAScr.dll] C:\PROGRA~1\ALWILS~1\Avast4\ASWREG~1.EXE "C:\Programmi\Alwil Software\Avast4\AhAScr.dll"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Digitizer.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1165927625093
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0B805591-4D8A-45EC-A1B2-F6235A20AD8C}: NameServer = 212.216.112.112,212.216.172.62
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0B805591-4D8A-45EC-A1B2-F6235A20AD8C}: NameServer = 212.216.112.112,212.216.172.62
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0B805591-4D8A-45EC-A1B2-F6235A20AD8C}: NameServer = 212.216.112.112,212.216.172.62
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Lectra Font Service (FontServer) - Unknown owner - C:\Programmi\Lectra\IManager\bin\fontserver.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
    O23 - Service: Lectra Print Service (LpDaemon) - Unknown owner - C:\Programmi\Lectra\IManager\bin\lpdaemon.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Modaservice - Unknown owner - C:\Programmi\Lectra\Modaservice\modaserv.exe
    O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: SentinelLM - Unknown owner - C:\Programmi\File comuni\Gerber Technology\gt license manager\lmserver\winnt\lservnt.exe
    O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Programmi\WinClamAVShield\sp_clamsrv.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
    O23 - Service: Lectra VigiPrint Service (VPDaemon) - Unknown owner - C:\Programmi\Lectra\VigiPrint\bin\vpdaemon.exe
    O23 - Service: Lectra XChangCutOut Service (XCDaemon) - Unknown owner - C:\Programmi\Lectra\XChangCutOut\bin\xcdaemon.exe
    --
    End of file - 12442 bytes
    Rispondi quotando Rispondi quotando
  3. 28-01-2009, 14:02 #3
    nonnojet
    nonnojet non è in linea
    Utente di HTML.it
    Registrato dal
    Jan 2009
    Messaggi
    3
    un aiuto ?.....
    Rispondi quotando Rispondi quotando
« Discussione precedente | Prossima discussione »

Permessi di invio

  • Non puoi inserire discussioni
  • Non puoi inserire repliche
  • Non puoi inserire allegati
  • Non puoi modificare i tuoi messaggi
  •  

Regole del Forum

Powered by vBulletin® Version 4.2.1
Copyright © 2025 vBulletin Solutions, Inc. All rights reserved.